Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
|
||
|
malicious
Score: 100
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
|
IP | Country | Detection |
---|---|---|
192.198.91.138 | United States | |
79.96.189.196 | Poland | |
185.51.201.252 | Iran (ISLAMIC Republic Of) | |
Click to see the 1 hidden entries | ||
104.27.164.253 | United States |
Name | IP | Detection |
---|---|---|
innhanmachn.com | 104.27.164.253 | |
shomalhouse.com | 185.51.201.252 | |
bieldruk.pl | 79.96.189.196 |
Name | Detection |
---|---|
0 | |
http://shomalhouse.com/wp-includes/ID3/IDz/ | |
https://192.198.91.138:443/ZEUDBeOMQoVZUQ/ | |
Click to see the 1 hidden entries | |
http://innhanmachn.com/wp-admin/sA/ |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\arc DW2569.doc.6dw84me.partial |
8 | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\arc DW2569[1].doc |
8 | # | |
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log |
ASCII text, with CRLF line terminators | # | |
Click to see the 17 hidden entries | |||
C:\Users\user\Pjq6t3_\Jvnk7yk\N1pjur3u.exe |
data | # | |
C:\Users\user\Documents\20201029\PowerShell_transcript.405464.SJKhkajm.20201029161015.txt |
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC |
Little-endian UTF-16 Unicode text, with CR line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\AppData\Local\Temp\~DFE7651CFF9CB2AB15.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\~DFB9C9081D4B69DC7F.TMP |
data | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2d1tytjy.sf5.psm1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0bdvi2yh.daf.ps1 |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D984B7E6-1A3B-11EB-90E5-ECF4BB570DC9}.dat |
Microsoft Word Document | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\arc DW2569.doc:Zone.Identifier |
very short file (no magic) | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\arc DW2569.doc.6dw84me.partial:Zone.Identifier |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{D1529BFA-A63E-464A-AFB7-4731F6466D8C}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{0EF28CB4-8A72-4599-A732-8A27FBDCEC04}.tmp |
data | # | |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\1BF93412-18F9-435E-82D8-E375841C336D |
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | # | |
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D984B7E8-1A3B-11EB-90E5-ECF4BB570DC9}.dat |
Microsoft Word Document | # |